[go: up one dir, main page]

CN119377963A - Container-based software risk mitigation method, device, equipment and storage medium - Google Patents

Container-based software risk mitigation method, device, equipment and storage medium Download PDF

Info

Publication number
CN119377963A
CN119377963A CN202411334729.2A CN202411334729A CN119377963A CN 119377963 A CN119377963 A CN 119377963A CN 202411334729 A CN202411334729 A CN 202411334729A CN 119377963 A CN119377963 A CN 119377963A
Authority
CN
China
Prior art keywords
risk
software
trusted
container
target software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411334729.2A
Other languages
Chinese (zh)
Inventor
段古纳
齐洪东
刘丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Original Assignee
BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD filed Critical BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Priority to CN202411334729.2A priority Critical patent/CN119377963A/en
Publication of CN119377963A publication Critical patent/CN119377963A/en
Pending legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The application relates to a container-based software risk resolution method, device, equipment and storage medium. When the target software is operated, if the target software is risk software, the trusted terminal operates the mirror image of the target software through the container and performs real-time risk monitoring through the security policy in the operation process of the container, wherein the mirror image of the target software and the security policy are issued by the trusted security management center. Therefore, after the risk software is identified, the risk software can be made into mirror images and placed in the container to run, and is isolated from other applications, so that the security threat to the terminal is reduced.

Description

Container-based software risk resolution method, device, equipment and storage medium
Technical Field
The present application relates to the field of terminal security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for resolving software risk based on a container.
Background
Along with the maturity of communication technology, the convenience and convenience of the computing terminal have great leaps compared with traditional computing terminal equipment, gradually penetrate into each special industry field, the computing terminal is more and more widely covered, and the computing terminal security state protection technology is relatively backward when the computing terminal is not matched with the computing terminal security state protection technology. At present, if key files such as software of a terminal contain high-risk vulnerabilities and malicious codes, or the files are tampered due to local lack of safety protection, serious safety risks exist in the terminal, and serious safety accidents can be generated. Therefore, how to secure the terminal is a problem that needs to be solved by those skilled in the art.
Disclosure of Invention
The application provides a container-based software risk resolution method, device, equipment and storage medium, which are used for reducing the threat of running risk software to a terminal and improving the safety of the terminal.
In a first aspect, the present application provides a container-based software risk resolution method, where the software risk resolution method is applied to a trusted terminal, and the software risk resolution method includes:
Determining target software to be operated;
Judging whether the target software is risk software or not;
If yes, running the mirror image of the target software through a container, and monitoring the real-time risk through a security policy in the running process of the container, wherein the mirror image of the target software and the security policy are issued by a trusted security management center.
Optionally, running an image of the target software through a container, and performing real-time risk monitoring through a security policy during running of the container, including:
running the mirror image of the target software through a container, and monitoring the running state of the target software in real time through the security policy in the running process;
and if the running state of the target software is the abnormal state, executing corresponding processing operation through a processing strategy in the security strategy.
Optionally, running an image of the target software through the container, and during the running, monitoring the running state of the target software in real time through the security policy, including:
Loading the mirror image of the target software to the container, and carrying out static measurement according to a trusted policy, wherein the security policy comprises the trusted policy and a risk policy;
Running a mirror image of the target software through the container;
in the running process, dynamic measurement is carried out through the trusted policy, and the resource use condition, the running condition of the risk point and the authority use condition are monitored through the risk policy.
Optionally, if the running state of the target software is detected to be an abnormal state, executing a corresponding processing operation through a processing policy in the security policy, including:
If the static measurement result and/or the dynamic measurement result are/is detected to be abnormal, executing corresponding processing operation according to an untrusted processing strategy in the trusted strategy;
If at least one of the resource use condition, the running condition of the risk point and the authority use condition is detected to be abnormal, executing corresponding processing operation according to an abnormal handling strategy in the risk strategy.
Optionally, if the running state of the target software is monitored to be an abnormal state, the software risk resolution method further includes:
And generating a risk report according to the state data and the abnormal state of the target software in the running process, and sending the risk report to the trusted security management center so that the trusted security management center updates the security policy according to the risk report.
Optionally, before determining the target software to be run, the method further includes:
sending a request for downloading target software to a trusted security management center;
and if the target software is risk software, receiving the mirror image of the target software and the corresponding security policy sent by the trusted security management center.
Optionally, the receiving the mirror image of the target software and the corresponding security policy sent by the trusted security management center includes:
receiving a risk image package sent by the trusted security management center through a trusted connection channel, wherein the risk image package is generated by the trusted security management center after encrypting an image of the target software and the security policy through a password mechanism;
Decrypting the risk image package through the password mechanism to generate an image and a security policy of decrypted target software;
and carrying out integrity verification on the decrypted mirror image and the decrypted security policy of the target software, and storing the mirror image and the decrypted security policy of the target software into a security storage area after verification is successful.
In a second aspect, the present application provides a container-based software risk resolution device, the software risk resolution device being applied to a trusted terminal, the software risk resolution device comprising:
the determining module is used for determining target software to be operated;
the judging module is used for judging whether the target software is risk software or not, and if so, triggering the monitoring module;
The monitoring module is used for running the mirror image of the target software through a container and monitoring the real-time risk through a security policy in the running process of the container, wherein the mirror image of the target software and the security policy are issued by the trusted security management center.
In a third aspect, the present application provides an electronic device, comprising:
The method comprises the steps of a processor, a memory and a computer program stored in the memory and capable of running on the processor, wherein the processor executes the steps of the software risk resolution method according to the application through the computer program.
In a fourth aspect, the present application provides a computer storage medium storing computer executable instructions for performing the steps of the software risk resolution method of the present application described above.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the advantages that when the target software is operated, if the target software is risk software, the trusted terminal operates the mirror image of the target software through the container and performs real-time risk monitoring through the security policy in the operation process of the container, wherein the mirror image of the target software and the security policy are issued by the trusted security management center. Therefore, after the risk software is identified, the risk software can be made into mirror images and placed in the container to run, and is isolated from other applications, so that the security threat to the terminal is reduced.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which the figures of the drawings are not to be taken in a limiting sense, unless otherwise indicated.
FIG. 1 is a schematic diagram of an overall architecture according to an embodiment of the present application;
fig. 2 is a schematic flow chart of a software risk resolution method based on a container according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a risk software image downloading process according to an embodiment of the present application;
FIG. 4 is a schematic flow chart of another method for resolving risk of software based on a container according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a dynamic monitoring flow of a risk software running process according to an embodiment of the present application;
FIG. 6 is a flowchart of security policy management according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a dynamic monitoring flow of risk software running in a container according to an embodiment of the present application;
FIG. 8 is a flowchart of risk software image construction and downloading according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a system structure according to an embodiment of the present application;
FIG. 10 is a flow chart of risk software image construction and trusted management provided by an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a container-based software risk resolution device according to an embodiment of the present application;
Fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The following disclosure provides many different embodiments, or examples, for implementing different structures of the invention. In order to simplify the present disclosure, components and arrangements of specific examples are described below. They are, of course, merely examples and are not intended to limit the invention. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed.
The application discloses a container-based software risk resolution method, device, equipment and storage medium, which are used for reducing the threat of running risk software to a terminal and improving the safety of the terminal.
Referring to fig. 1, fig. 1 is a schematic diagram of an overall architecture provided by an embodiment of the present invention, and as can be seen from fig. 1, the scheme is mainly implemented in a trusted security management center and a trusted terminal. The trusted security management center and the trusted terminal are both trusted computing environments, and the trust source of all trusted computing is the trusted root of hardware. The trusted security management center mainly realizes operations such as identification, mirror image construction, strategy formulation, software centralized management and issuing of risk software, and the trusted terminal mainly realizes operations such as operation of the risk software, monitoring of the mirror image of the risk software, strategy execution, state feedback and the like.
The method comprises the steps of carrying out identification of risk software and construction of a container mirror image in a trusted environment of a trusted security management center when a terminal is required to download target software with risk, safely downloading the container mirror image of the risk software to the trusted terminal through a trusted security channel, running the container mirror image of the risk software through the container in the trusted environment of the trusted terminal, and carrying out dynamic monitoring in the running process. Therefore, the scheme adopts trusted computing and container technology to perform trusted monitoring, container isolation and risk monitoring on the risk software applied to the trusted terminal, so that security risk digestion is realized, and the security of the running environment and the process of the trusted terminal software is protected.
Referring to fig. 2, fig. 2 is a flow chart of a software risk resolving method based on a container, provided by an embodiment of the present application, where the software risk resolving method is applied to a trusted terminal, and the software risk resolving method includes:
s101, determining target software to be operated;
If the target software to be operated by the trusted terminal does not exist locally, a request for downloading the target software needs to be sent to the trusted security management center, and if the target software is risk software, a mirror image of the target software and a corresponding security policy sent by the trusted security management center are received.
In this embodiment, a software resource centralized downloading manner is adopted to perform security management on the trusted terminal software. When a certain software resource is needed by the trusted terminal, a downloading request is sent to the trusted security management center, and after the trusted security management center receives the downloading request, the identity and the authority of the trusted terminal are authenticated. If the authentication of the trusted terminal fails, the software is refused to be downloaded, if the authentication of the trusted terminal is passed, whether corresponding software exists in a resource library is judged, if the authentication of the trusted terminal is not passed, a software source of target software is obtained, after the software source enters a trusted security management center, whether the software source is trusted or not is verified through a trusted measurement mechanism, if the software source is trusted, risk identification is continued on the software, if the software source is not at risk, the software source is directly put into the software resource library, if the software source is at risk, the risk of the software source is to be evaluated, the risk of the evaluated software source is an acceptable risk, the mirror image of the risk software is built through a container technology and is put into a risk mirror image library, and the problem after risk evaluation is summarized and analyzed to generate a security policy. If the corresponding software exists in the resource library, the corresponding software is directly called from the corresponding resource library; if the target software is the risk software, acquiring the mirror image of the target software from the risk mirror image library, and packaging the mirror image and the corresponding security policy together to be issued to the trusted terminal. The software downloaded by the trusted terminal includes a software update package and a software installation package.
The security policy is a policy for ensuring that the target software safely operates at the trusted terminal, and the trusted security management center needs to be set in a targeted manner according to the risk assessment condition of the target software when generating the security policy corresponding to the target software. In this embodiment, the security policy includes a policy how to construct the container, a policy how to monitor abnormal behavior of the image of the target software in the container, and the like, which is not particularly limited herein.
S102, judging whether the target software is risk software or not;
if not, executing S104 to run the target software;
s103, running the mirror image of the target software through the container, and performing real-time risk monitoring through a security policy in the running process of the container, wherein the mirror image of the target software and the security policy are issued by a trusted security management center.
It should be noted that, with the widespread use of cloud computing technology, the Docker container technology is largely applied to various computing environments. The Docker realizes a lightweight operating system and a containerized operating environment through a mechanism of sharing a kernel with a host machine, and has the characteristics of second-level starting, large-scale scalability and the like. Docker utilizes its own mechanism to realize the isolation between container and host computer, container and container, have guaranteed the security of the container operation environment to a certain extent. In order to monitor and protect the security state of the trusted terminal, the trusted terminal is combined with the Docker container technology to establish an integrated security protection mechanism on the basis of the trusted, so that the security of the terminal operation environment is greatly improved.
Specifically, if the target software is risk software, the target software is run using the container. When the target software is operated, firstly, a container is created according to a container creation strategy in the security strategies, and then the mirror image of the target software is loaded into the container to operate. In the whole process of creating, loading and running the mirror image by the container, adopting a trusted policy of the security policy to ensure the security and reliability of the software running, in the process of running the container, performing risk monitoring on the running state of the target software in real time according to the risk policy in the security policy, if abnormality is detected, timely taking emergency treatment measures in the security policy, blocking the communication between the container and the host, isolating the risk software, recovering the damaged site and ensuring the security of the running environment of the host.
In summary, when the target software is operated, if the target software is risk software, the trusted terminal operates the mirror image of the target software through the container and performs real-time risk monitoring through the security policy in the operation process of the container, wherein the mirror image of the target software and the security policy are issued by the trusted security management center. Therefore, after the risk software is identified, the risk software can be made into mirror images and placed in the container to run, and is isolated from other applications, so that the security threat to the terminal is reduced.
Based on the above method embodiment, in this embodiment, the process of receiving the mirror image of the target software and the corresponding security policy sent by the trusted security management center specifically includes the following steps:
receiving a risk mirror image package sent by a trusted security management center through a trusted connection channel, wherein the risk mirror image package is generated by the trusted security management center after encrypting a mirror image and a security policy of target software through a password mechanism;
decrypting the risk image package through a password mechanism to generate an image and a security policy of the decrypted target software;
and carrying out integrity verification on the decrypted mirror image and the decrypted security policy of the target software, and storing the mirror image and the decrypted security policy of the target software into a security storage area after verification is successful.
Specifically, after the trusted security management center finds out the mirror image corresponding to the target software from the software mirror image library, the mirror image and the corresponding security policy can be encrypted through a password mechanism to obtain a risk mirror image package, and the risk mirror image package can be transmitted to the trusted terminal through a trusted security channel; after receiving the risk image package, the trusted terminal separates the software image and the security policy through decryption, performs integrity verification, and stores the verification in a security storage area of the trusted terminal.
Referring to fig. 3, a schematic diagram of a downloading flow of a risk software image is provided for an embodiment of the present application, and as can be seen from fig. 3, a secure downloading process of the risk software image mainly includes a trusted security mechanism of a trusted security management center, a trusted connection mechanism in a software transmission process, and a trusted security mechanism of a trusted terminal. Specifically, the whole process specifically comprises the following steps:
1. the risk software makes a risk mirror image package in a trusted security management center and issues the risk mirror image package
When the trusted terminal is to run the target software which is not locally available, a request for downloading the target software is sent to the trusted security management center, after the trusted security management center receives the downloading request, the identity and the authority of the trusted terminal are authenticated, after the authentication is passed, if the target software is the risk software, the mirror image of the target software and the security policy are packaged together through a password mechanism, and a risk mirror image package is generated and sent through a trusted interface. And if the target software is not the risk software, directly issuing the security package of the target software to the trusted terminal.
The cryptographic mechanism adopted by the trusted security management center comprises, but is not limited to, methods such as authentication certificates, signatures, asymmetric encryption, symmetric encryption and the like.
2. Transmitting risk image package in trusted connection channel between trusted nodes
In this embodiment, both the trusted security management center and the trusted terminal are trusted nodes, and the trusted security management center and the trusted terminal establish a trusted connection channel under the support of a trusted computing mechanism to ensure data security transmission between the two.
3. Reception, trusted verification and secure storage of risk software at a trusted terminal
After the risk mirror image package is issued to the trusted terminal through the trusted connection channel, decryption is carried out through a password mechanism, integrity verification is carried out on the content of the risk software mirror image package, and after verification, the mirror image of the risk software and a corresponding security policy are stored in a security storage area.
The cryptographic mechanism adopted by the trusted terminal comprises but is not limited to methods such as certificate verification, signature verification, asymmetric decryption, symmetric decryption and the like, and the security mechanism adopted by the trusted terminal for decrypting the risk software image package corresponds to the security mechanism adopted by the trusted security management center for encryption, if the security mechanism adopted by the trusted security management center for encryption is an authentication certificate, the security mechanism adopted by the trusted terminal for decrypting the risk software image package is certificate verification, the security mechanism adopted by the trusted security management center for encryption is asymmetric encryption, and the security mechanism adopted by the trusted terminal for decrypting the risk software image package is asymmetric decryption.
Referring to fig. 4, fig. 4 is a flow chart of another software risk resolving method based on a container, provided by an embodiment of the present application, where the software risk resolving method is applied to a trusted terminal, and the software risk resolving method includes:
s201, determining target software to be operated;
S202, judging whether the target software is risk software or not;
if not, executing S206 to run the target software;
S203, running the mirror image of the target software through the container, and monitoring the running state of the target software in real time through a security policy in the running process;
S204, if the running state of the target software is monitored to be an abnormal state, executing corresponding processing operation through a processing strategy in the security strategy;
s205, generating a risk report according to the state data and the abnormal state of the target software in the running process, and sending the risk report to the trusted security management center so that the trusted security management center updates the security policy according to the risk report.
In the embodiment, the process of monitoring the running state of the target software and executing the processing operation comprises the steps of loading the mirror image of the target software to a container and carrying out static measurement according to a trusted policy, wherein the security policy comprises the trusted policy and a risk policy, running the mirror image of the target software through the container, carrying out dynamic measurement through the trusted policy in the running process, and monitoring the resource use condition, the running condition of a risk point and the authority use condition through the risk policy. If at least one of the resource use condition, the running condition of the risk point and the authority use condition is detected to be abnormal, the corresponding processing operation is executed according to the abnormal processing strategy in the risk strategy.
It should be noted that, the core of the scheme is to utilize the isolation mechanism in the container technology under the trusted environment to perform risk resolution in the running process of the risk software. And establishing a trust chain at the trusted terminal by utilizing a hardware trusted root, and establishing a trusted safe operation environment so as to ensure the security of mirror image software in the container in the operation process. Fig. 5 is a schematic diagram of a dynamic monitoring flow of a risk software running process provided by an embodiment of the present application, and as can be seen from fig. 5, after a trusted terminal receives a risk software running request, a risk policy issued by a trusted security management center is obtained, a trusted measurement is performed on a mirror image through a trusted control, and a container environment is configured according to the security policy through a container daemon. The method specifically configures the creation process of the container according to the trusted policy and the risk policy, including but not limited to access rules and rights, CPU (Central Processing Unit ) and memory occupation conditions, call and storage locations of data, network restrictions, and the like.
When the container is started, the risk mirror image is led into the container to run, and components such as processes, file systems and network connection in the container are isolated, so that the container runs in a trusted environment, and the safety and isolation in the container are ensured. Isolation guarantee is a core mechanism of container security protection, and aims to ensure mutual isolation of data and resources between applications in a container and other containers and trusted terminal systems. And in the process of running the risk software by the trusted terminal, adopting risk monitoring and trusted monitoring to dynamically monitor the running process of the risk mirror image in the container.
The risk monitoring is to monitor the resource use condition, the running condition of risk points and the authority use condition according to a risk policy, wherein the resource use condition comprises the use condition of resources such as a file system, a process, a network and the like. In the embodiment, the risk policy includes, but is not limited to, a network limitation implementation method, controlling communication between containers by setting an access rule, limiting an internal process by designing a process operation rule, limiting memory resource occupation, preventing risk attacks and memory leakage of application programs, limiting CPU use conditions, preventing CPU abnormal occupation conditions, reducing the number of sub-processes and file descriptors by applying resource limitation, preventing illegal writing into a file system by limiting the file system, resisting risk attacks, preventing attackers from utilizing and acquiring all root authorities of the system by limiting kernel capabilities, and preventing risk actions such as override by limiting access authorities of processes and users. Trusted monitoring refers to the measurement of the whole life cycle of the establishment, the starting, the running, the deletion, the related data storage and the like of the container according to a trusted policy, and comprises static measurement and dynamic measurement, and the security and the reliability of the running of mirror image software in the container are protected.
If the abnormal operation of the software in the container is detected, an alarm is immediately given, and emergency treatment measures are adopted through a trusted control mechanism according to a policy, including but not limited to closing a network port of the container, terminating the operation of the container process, stopping data call and storage, recovering from the site and the like. In addition, in the running process of the risk mirror image, a risk report needs to be generated by the running data and the abnormal data, and the risk report is periodically reported to a trusted security management center so as to update the security policy.
Referring to fig. 6, fig. 6 is a flowchart of security policy management provided by the embodiment of the present application, and as can be seen from fig. 6, the policy mechanism of the present application is completed by the trusted security management center and the trusted terminal together, so as to form a complete closed-loop mechanism. The method comprises the steps of detecting the risk of the strategy, generating the safety strategy and perfecting and updating the strategy in a trusted management safety management center, executing the strategy and feeding back the strategy problem in a trusted terminal, and providing data information for the trusted safety management center to measure the strategy update and perfection. The management flow of the security policy mainly comprises the following parts:
1. Generation of security policies
The security policy is generated at a trusted security management center. After the new software source enters the trusted security management center, the new software source is subjected to trusted processing and risk analysis, and a security policy is generated by combining the software source information. The security policy comprises a trusted policy and a risk policy, and the trusted policy and the risk policy are managed and maintained by a trusted mechanism and a risk mechanism respectively. Trusted policies include, but are not limited to, trusted management policies, configuration policies, trusted benchmark policies, metrics policies, validation policies, access control policies, cryptographic service policies, untrusted disposal policies, etc., and risk policies include, but are not limited to, risk management policies, container configuration policies, resource occupancy settings of containers, rights configurations, interface control policies, risk point targeting policies, and exception handling policies.
2. Downloading and storing security policies
The security policies are synchronized together to the trusted terminal when the risk software image is downloaded, and can be independently issued to the trusted terminal and synchronously updated in the policy library when the security policies are updated but the software image does not need to be updated. The security policies are stored in the secure storage area at both the trusted security management center and the trusted terminal.
3. Enforcement of security policies
The security policy is executed in the trusted terminal, the risk software is dynamically monitored during the running process in the container, and if abnormality exists, policy handling is immediately performed through the control mechanism.
4. Security policy update
The security policy updates reporting information derived from the feedback of the source and trusted terminals of the software. The trusted security management center obtains the update of the policy information from the software source side, and the policy information can be updated after the trusted report and the risk report uploaded by the trusted terminal are evaluated.
Referring to fig. 7, fig. 7 is a schematic diagram of a dynamic monitoring flow of risk software running in a container according to an embodiment of the present application, and as can be seen from fig. 7, the monitoring flow of risk software in a trusted terminal running process includes the following steps:
1. the trusted terminal system receives the software running request, judges whether the software is marked risk software, runs in a container mode if the software is marked risk software, and sends a downloading request to the trusted security management center if the software is not locally mirrored;
2. After receiving a risk software image and a security policy issued by a trusted security management center, creating a container, loading the image and running the image according to the security policy, wherein the whole process adopts a trusted measurement mechanism to ensure the security and reliability of software running;
3. in the process of risk monitoring, if abnormality is detected, the data is processed according to the risk treatment strategy in the risk strategy, the data is summarized and added into the report, and after the container operation is finished, the operation data is summarized and added into the report, and finally the generated report is uploaded to a trusted security management center.
In summary, it can be seen that, in the scheme, after the trusted security management center performs risk identification, policy generation and container image construction on the target software to be downloaded, the trusted terminal downloads the risk software image and the security policy through the trusted security channel, and performs dynamic monitoring and report uploading on the running process of the risk software image through the security policy when the container runs. By the method, the running process of the risk software can be isolated from other applications, and the threat to the terminal by the risk software is reduced under a double protection mechanism of trusted computing and container technology.
Referring to fig. 8, fig. 8 is a flowchart of risk software image construction and downloading provided by an embodiment of the present application, and as can be seen from fig. 8, the risk software image construction flow includes the following contents:
1.1, after a software source required by a trusted terminal enters a trusted security management center, performing trusted verification through a trusted measurement mechanism to determine whether the software source is trusted;
1.2, if the software source is trusted, generating a trusted policy, and continuing to identify risks of the software;
1.3, if the risk exists in the software source, evaluating the risk of the software source, and if the risk of the evaluated software source is acceptable, constructing a mirror image through a container technology to manufacture a risk software mirror image and putting the risk software mirror image into a risk mirror image library;
And 1.4, summarizing and analyzing the problems after risk assessment to generate a risk strategy.
The risk software image downloading flow comprises the following contents:
2.1, the trusted terminal sends a download request of required software to a trusted security management center;
2.2, after receiving the download request, the trusted security management center judges whether the trusted terminal has the authority to download the software;
If the authority verification is passed, the trusted security management center judges whether the software to be downloaded is risk software;
2.4, if the software to be downloaded is not risk software but security software, acquiring security software and a trusted policy from a software resource library, encrypting the security software and the trusted policy by a password mechanism, generating a security software installation package and transmitting the security software installation package to a trusted terminal;
2.5, if the software to be downloaded is risk software, calling a risk software image of the software from a risk image library, and encrypting the risk software image, a risk strategy and a trusted strategy to manufacture a risk software package;
And 2.6, if the trusted terminal receives the security software installation package, decrypting the security software installation package, and then storing the security software and the trusted policy in the security storage area, and if the trusted terminal receives the risk software package, decrypting the risk software package, and then storing the mirror image of the risk software and the security policy in the security storage area.
In summary, the application is based on a trusted computing system architecture, and the software of the trusted terminal is uniformly managed, authenticated and issued by a trusted security management center, so that the security and reliability of the source of the software of the trusted terminal are ensured. The software of the trusted terminal performs risk identification in the trusted security management center, generates a risk policy, constructs a container mirror image through a container technology with high risk level, isolates other applications by the mirror image of container operation risk software, reduces security threat to the terminal, and monitors the operation process of the target software through the security policy when the target software operates in the container, thereby ensuring the security and isolation of the container operation environment.
Referring to fig. 9, fig. 9 is a schematic diagram of a system structure provided by an embodiment of the present invention, and as can be seen from fig. 9, the system mainly includes a trusted security management center and a trusted terminal, where the trusted security management center is a platform for security analysis, risk policy configuration, software issuing, trusted management and real-time monitoring of the trusted terminal, and the trusted terminal is a computing node in a trusted computing mechanism, and is a terminal used by a user and an object of security assurance. Here, the trusted security management center and the trusted terminal are specifically described respectively.
1. The trusted security management center mainly comprises a risk analysis subsystem, a risk strategy subsystem, a risk report management subsystem, a container management subsystem, a software resource library, a risk mirror image library, a trusted related trusted password subsystem, a trusted management subsystem and the like. Wherein:
The risk analysis subsystem is a subsystem for managing the source of software used by the trusted terminal and is responsible for the tasks of risk identification, problem analysis, risk resolution and the like of the software or not by adopting a container technology.
The risk policy subsystem is a subsystem for analyzing and formulating risk policies, and mainly prepares management and control policies of risk software according to information of software sources, problems of risk analysis, feedback content of risk reports and credible related management policies.
The risk report management subsystem is a subsystem for uploading risk report management to the trusted terminal and is responsible for receiving the risk report and analyzing the content.
The container management subsystem is an application subsystem of the container technology in a trusted security management center and is responsible for the works of image construction and updating, container warehouse management, image distribution, container comprehensive management and the like.
The trusted cryptography subsystem is a service subsystem of a cryptography mechanism and is responsible for cryptographic support work such as measurement, data encryption and transmission of trusted computation.
The trusted management subsystem is a platform for unified management and service of the trusted terminal and is responsible for the trusted related work such as identity authentication, state management, policy management, trusted control and the like of the trusted terminal.
The risk mirror image library stores terminal software mirror images with security risks after risk analysis, and the mirror images are also trusted authenticated. Only the software which is subjected to the trusted authentication can be issued to the trusted terminal, and the software is installed and operated in the trusted terminal.
2. The trusted terminal mainly comprises a risk monitoring module, a risk reporting module, a container module, a risk mirror image, a trusted related trusted application module, a trusted control module, a trusted password module and the like. Wherein:
The risk monitoring module is a monitoring module of the running process of risk software in the container and is mainly responsible for the work such as real-time acquisition of data, monitoring of a data interface, alarm of abnormal behaviors and the like in the running process of the risk module.
The risk report module is used for recording state data in the running process of the risk software and is responsible for the work of data collection, arrangement and the like of the running state of the risk software.
The container module is the application of container technology in a trusted terminal and is responsible for the works of creating a container, running and controlling a mirror image, configuring and managing the container and the like.
The trusted application module, the trusted control module and the trusted cryptography module are assurance modules of a trusted computing mechanism and are responsible for guaranteeing the safety and the reliability of the operating environment of the trusted terminal.
Referring to fig. 10, fig. 10 is a flowchart of risk software image construction and trusted management based on a system structure according to an embodiment of the present invention. As can be seen in the view of figure 10,
When target software required by a terminal enters a trusted security management center, a risk analysis subsystem carries out risk identification and security detection on the target software, an analysis result is sent to a risk policy subsystem for policy formulation, the software without risk after detection is directly stored in a software resource library, the software without risk after detection is subjected to containerization processing by a container management subsystem to generate a risk software mirror image, the risk software mirror image is stored in a risk mirror image library, the software without risk is subjected to local isolation or deletion treatment, and all the software waiting to be downloaded in the entering library can be issued to the terminal after being subjected to local authentication by the trusted management subsystem.
Each trusted terminal needing to download target software needs to send a downloading request to a trusted security management center, a trusted management subsystem of the trusted security management center judges the downloading authority of the terminal after receiving the downloading request, if the terminal has the downloading authority, then judges whether the downloaded software is risk software or not, if the downloaded software is risk software, corresponding software is called out in a risk software mirror image library, the corresponding trusted strategy and the risk strategy are manufactured into a risk mirror image package together to be sent to the terminal, and after the trusted terminal installs and operates the risk software, a risk report is generated at the terminal and uploaded to the trusted security management center for updating and using the risk strategy. The trusted terminal is isolated from other applications through the mirror image of the container running risk software, so that the security threat to the terminal is reduced, and the running process of the target software can be monitored through a security policy when the target software runs in the container, so that the security and isolation of the container running environment are ensured.
Referring to fig. 11, fig. 11 is a container-based software risk resolution device provided by an embodiment of the present application, where the software risk resolution device is applied to a trusted terminal, and the device specifically includes:
A determining module 11, configured to determine target software to be run;
the judging module 12 is used for judging whether the target software is risk software or not, and if so, triggering the monitoring module;
the monitoring module 13 is configured to operate the mirror image of the target software through a container, and perform real-time risk monitoring through a security policy in the operation process of the container, where the mirror image of the target software and the security policy are issued by the trusted security management center.
As an alternative embodiment, the monitoring module comprises:
the monitoring unit is used for running the mirror image of the target software through the container and monitoring the running state of the target software in real time through the security policy in the running process;
and the processing unit is used for executing corresponding processing operation through the processing strategy in the security strategy.
As an alternative embodiment, the monitoring unit comprises:
A loading subunit configured to load an image of the target software into the container;
the static attitude quantum unit is used for carrying out static measurement according to a trusted policy, wherein the security policy comprises the trusted policy and a risk policy;
an execution subunit for executing an image of the target software through the container;
the dynamic measurement subunit is used for carrying out dynamic measurement through the trusted policy in the running process;
And the risk monitoring subunit is used for monitoring the resource use condition, the running condition of the risk point and the authority use condition through the risk policy in the running process.
As an alternative embodiment, the processing unit is specifically configured to:
And if at least one of the resource use condition, the running condition of the risk point and the authority use condition is detected to be abnormal, executing the corresponding processing operation according to the abnormal processing strategy in the risk strategy.
As an alternative embodiment, the monitoring module further comprises:
The report generating unit is used for generating a risk report according to the state data and the abnormal state of the target software in the running process;
And the report sending unit is used for sending the risk report to the trusted security management center so that the trusted security management center updates the security policy according to the risk report.
As an alternative embodiment, further comprising:
the sending module is used for sending a request for downloading target software to the trusted security management center;
And the receiving module is used for receiving the mirror image of the target software and the corresponding security policy sent by the trusted security management center when the target software is risk software.
As an alternative embodiment, the receiving module includes:
The receiving unit is used for receiving a risk image package sent by the trusted security management center through a trusted connection channel, wherein the risk image package is generated by encrypting an image of the target software and the security policy through a password mechanism by the trusted security management center;
The decryption unit is used for decrypting the risk image package through the password mechanism and generating an image and a security policy of the decrypted target software;
the verification unit is used for carrying out integrity verification on the decrypted mirror image of the target software and the security policy, and triggering the storage unit after verification is successful;
and the storage unit is used for storing the mirror image of the target software and the security policy into the security storage area.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
Referring to fig. 12, fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device specifically includes:
the processor 21, the memory 22 and the computer program stored in the memory 22 and capable of running on the processor 21, the processor 21 executes the steps of the software risk resolution method according to any of the above method embodiments through the computer program.
Processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 21 may be implemented as at least one of hardware form of DSP (DIGITAL SIGNAL Processing), FPGA (Field-Programmable gate array), PLA (Programmable Logic Array ). The processor 21 may also include a main processor, which is a processor for processing data in a wake-up state, also called a CPU (Central Processing Unit ), and a coprocessor, which is a low-power processor for processing data in a standby state. In some embodiments, the processor 21 may integrate a GPU (Graphics Processing Unit, image processor) for rendering and drawing of content required to be displayed by the display screen. In some embodiments, the processor 21 may also include an AI (ARTIFICIAL INTELLIGENCE ) processor for processing computing operations related to machine learning.
Memory 22 may include one or more computer-readable storage media, which may be non-transitory. Memory 22 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 22 is at least used to store a computer program 221, where the computer program, when loaded and executed by the processor 21, is capable of implementing the relevant steps in the software risk resolution method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 22 may further include an operating system 222, data 223, and the like, where the storage mode may be transient storage or permanent storage. Operating system 222 may include Windows, unix, linux, among other things.
In some embodiments, the electronic device may further include a display 23, an input-output interface 24, a communication interface 25, a sensor 26, a power supply 27, and a communication bus 28.
Of course, the structure of the electronic device shown in fig. 12 is not limited to the electronic device in the embodiment of the present application, and the electronic device may include more or fewer components than those shown in fig. 12 or may combine some components in practical applications.
In another exemplary embodiment, a computer storage medium is also provided, which when executed by a processor, implements the steps of the software risk resolution method described in any of the method embodiments above. The storage medium may include a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, etc. that may store the program code.
Alternatively, specific examples in this embodiment may refer to examples described in the foregoing embodiments, and this embodiment is not described herein.
It is to be understood that the terminology used herein is for the purpose of describing particular example embodiments only, and is not intended to be limiting. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms "comprises," "comprising," "includes," "including," and "having" are inclusive and therefore specify the presence of stated features, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, elements, components, and/or groups thereof. The method steps, processes, and operations described herein are not to be construed as necessarily requiring their performance in the particular order described or illustrated, unless an order of performance is explicitly stated. It should also be appreciated that additional or alternative steps may be used.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A container-based software risk resolution method, wherein the software risk resolution method is applied to a trusted terminal, and the software risk resolution method comprises:
Determining target software to be operated;
Judging whether the target software is risk software or not;
If yes, running the mirror image of the target software through a container, and monitoring the real-time risk through a security policy in the running process of the container, wherein the mirror image of the target software and the security policy are issued by a trusted security management center.
2. The software risk resolution method of claim 1, wherein running the mirror image of the target software through a container and performing real-time risk monitoring through a security policy during the running of the container comprises:
running the mirror image of the target software through a container, and monitoring the running state of the target software in real time through the security policy in the running process;
and if the running state of the target software is the abnormal state, executing corresponding processing operation through a processing strategy in the security strategy.
3. The software risk resolution method of claim 2, wherein running the image of the target software through the container, and during running, monitoring the running state of the target software in real time through the security policy, comprises:
Loading the mirror image of the target software to the container, and carrying out static measurement according to a trusted policy, wherein the security policy comprises the trusted policy and a risk policy;
Running a mirror image of the target software through the container;
in the running process, dynamic measurement is carried out through the trusted policy, and the resource use condition, the running condition of the risk point and the authority use condition are monitored through the risk policy.
4. The software risk resolution method according to claim 2, wherein if the running state of the target software is monitored to be an abnormal state, executing a corresponding processing operation by a processing policy in the security policy, including:
If the static measurement result and/or the dynamic measurement result are/is detected to be abnormal, executing corresponding processing operation according to an untrusted processing strategy in the trusted strategy;
If at least one of the resource use condition, the running condition of the risk point and the authority use condition is detected to be abnormal, executing corresponding processing operation according to an abnormal handling strategy in the risk strategy.
5. The software risk resolution method according to claim 2, wherein if it is monitored that the running state of the target software is an abnormal state, the software risk resolution method further comprises:
And generating a risk report according to the state data and the abnormal state of the target software in the running process, and sending the risk report to the trusted security management center so that the trusted security management center updates the security policy according to the risk report.
6. The software risk resolution method according to any one of claims 1 to 5, characterized by further comprising, before determining the target software to be run:
sending a request for downloading target software to a trusted security management center;
and if the target software is risk software, receiving the mirror image of the target software and the corresponding security policy sent by the trusted security management center.
7. The software risk resolution method according to claim 6, wherein the receiving the mirror image of the target software and the corresponding security policy sent by the trusted security management center includes:
receiving a risk image package sent by the trusted security management center through a trusted connection channel, wherein the risk image package is generated by the trusted security management center after encrypting an image of the target software and the security policy through a password mechanism;
Decrypting the risk image package through the password mechanism to generate an image and a security policy of decrypted target software;
and carrying out integrity verification on the decrypted mirror image and the decrypted security policy of the target software, and storing the mirror image and the decrypted security policy of the target software into a security storage area after verification is successful.
8. A container-based software risk resolution device, wherein the software risk resolution device is applied to a trusted terminal, the software risk resolution device comprising:
the determining module is used for determining target software to be operated;
the judging module is used for judging whether the target software is risk software or not, and if so, triggering the monitoring module;
The monitoring module is used for running the mirror image of the target software through a container and monitoring the real-time risk through a security policy in the running process of the container, wherein the mirror image of the target software and the security policy are issued by the trusted security management center.
9. An electronic device, comprising:
A processor, a memory and a computer program stored on the memory and executable on the processor, the processor executing the steps of the software risk resolution method of any one of the preceding claims 1 to 7 by means of the computer program.
10. A computer storage medium having stored thereon computer executable instructions for performing the steps of the software risk resolution method according to any of the preceding claims 1 to 7.
CN202411334729.2A 2024-09-24 2024-09-24 Container-based software risk mitigation method, device, equipment and storage medium Pending CN119377963A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411334729.2A CN119377963A (en) 2024-09-24 2024-09-24 Container-based software risk mitigation method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411334729.2A CN119377963A (en) 2024-09-24 2024-09-24 Container-based software risk mitigation method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN119377963A true CN119377963A (en) 2025-01-28

Family

ID=94323989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411334729.2A Pending CN119377963A (en) 2024-09-24 2024-09-24 Container-based software risk mitigation method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN119377963A (en)

Similar Documents

Publication Publication Date Title
US10341321B2 (en) System and method for policy based adaptive application capability management and device attestation
US20210209221A1 (en) System for securing software containers with encryption and embedded agent
US11606211B2 (en) Secured system operation
CN113014539B (en) Internet of things equipment safety protection system and method
US20180285127A1 (en) Method for trusted booting of plc based on measurement mechanism
EP3262560B1 (en) System and method for verifying integrity of an electronic device
WO2018004600A1 (en) Proactive network security using a health heartbeat
EP3270318B1 (en) Dynamic security module terminal device and method for operating same
Nguyen et al. Cloud-based secure logger for medical devices
CN112446029B (en) Trusted Computing Platform
CN103518359A (en) Method, device and network for achieving attack resistance of cloud computing
JP2022543497A (en) Passive monitoring and prevention of unauthorized firmware or software upgrades between computing devices
CN101615230A (en) A method for trusted execution and trusted protection of files
KR20100054940A (en) Apparatus and method for preventing malware using signature verification for embedded linux
CN113422776A (en) Active defense method and system for information network security
Qin et al. RIPTE: runtime integrity protection based on trusted execution for IoT device
US11122079B1 (en) Obfuscation for high-performance computing systems
CN111859379B (en) Processing method and device for protecting data model
CN115879099A (en) DCS controller, operation processing method and protection subsystem
CN114095227B (en) Data communication gateway trusted authentication method, system and electronic equipment
CN119377963A (en) Container-based software risk mitigation method, device, equipment and storage medium
US20210326443A1 (en) Executing sotware
de la Piedra et al. Protection profile bricks for secure IoT devices
GB2572471A (en) Detecting lateral movement by malicious applications
CN111555857A (en) Edge network and network transmission method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination